paint-brush
How to VPN connect between Azure and AWS with Managed Services.by@jkudo
27,709 reads
27,709 reads

How to VPN connect between Azure and AWS with Managed Services.

by Jun KudoFebruary 18th, 2019
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

2019/2/6 IKEv2 compatible news came in at AWS with Site to Site VPN.

Company Mentioned

Mention Thumbnail
featured image - How to VPN connect between Azure and AWS with Managed Services.
Jun Kudo HackerNoon profile picture

Introduction

2019/2/6 IKEv2 compatible news came in at AWS with Site to Site VPN.


AWS Site-to-Site VPN Now Supports IKEv2https://aws.amazon.com/about-aws/whats-new/2019/02/aws-site-to-site-vpn-now-supports-ikev2/


The point when connecting Azure and AWS was that AWS only supported IKEv1.This time, it became possible to realize two-way connection by supporting IKEv2.


However, there are notes.BGP can not be used (it may be possible depending on settings).

The connection configuration diagram is as follows.






The procedure is as follows.Azure side1, Create virtual network2, Create gateway subnet3, creation of public IP4, Create virtual network gateway








AWS side5, creation of VPC6, Create subnet7, Create Internet gateway (optional)8, create the customer gateway statically9, Creating Virtual Private Gateway10, create a VPN connection statically11, download the configuration file



Azure side12, Create a local network gateway13, Create connection


AWS side14, add a virtual private gateway to the routing table



optionAzure side15 Setting up two connections

Below, we will explain in Step by Step.

1, Create virtual network


Create virtual network.The segment on the Azure side is 10.0.0.0/16.

2, Create gateway subnet


Create a gateway subnet.Open the subnet from the virtual network screen and click on the gateway subnet to create it.

Create a subnet created in 1 with another CIDR.

Confirm that it was created.

3, creation of public IP

Create a public IP.

4, Create virtual network gateway

Create a virtual network gateway.

5, creation of VPC


Create VPC.The segment on the AWS side is 192.168.0.0/16.

6, Create subnet

Create a subnet.

7, Create Internet gateway (optional)

Create Internet gateway (optional).

Attach the Internet gateway to the VPC.

Specify the Internet gateway at 0.0.0.0/0 in the route table.

8, create the customer gateway statically

Check the IP address from Azure’s virtual network gateway.

Create the customer gateway statically. Enter the IP address confirmed in the previous section in the IP address.

9, Creating Virtual Private Gateway

Create Virtual Private Gateway.

10, create a VPN connection statically

Create a VPN connection statically. Add the subnet on the Azure side to the prefix.

11, download the configuration file

Download the configuration file. It is Generic to choose.





Check the following.IPSec Tunnel # 1Pre-Shared KeyOutside IP Addresses:-Virtual Private Gateway

12, Create a local network gateway



Create a local network gateway.For the IP address, set the above-identified IP address (Virtual Private Gateway).In the address space, enter the VPC segment on the AWS side.

13, Create connection

Add from virtual network gateway connection.

Enter the confirmed common key (Pre-Shared Key).

Confirm that it is connected.

14, add a virtual private gateway to the routing table

Add a virtual private gateway to the routing table.

15 Setting up two connections



Create a local network gateway separately.At this time, check the IPSec Tunnel # 2 of the downloaded file and enter it.After creation, specify the local network gateway you created and create a connection.

By setting up two connections, communication continues even if one connection expires to some time signature.

Communication confirmation

Azure, AWS to confirm that you can communicate with each other.

All of the work is completed with this.

Throughput

I roughly measured the throughput using iperf.


Azure:Standard D2s v3 (2 vcpu、8 GB memory)AWS:m5.large (2 vcpu 、8 GB memory)

Azure→AWS







------------------------------------------------------------Client connecting to 192.168.0.5, TCP port 5001TCP window size: 45.0 KByte (default)------------------------------------------------------------[ 3] local 10.0.0.4 port 51160 connected with 192.168.0.5 port 5001[ ID] Interval Transfer Bandwidth[ 3] 0.0-10.0 sec 659 MBytes 553 Mbits/sec

AWS→Azure







------------------------------------------------------------Client connecting to 10.0.0.4, TCP port 5001TCP window size: 45.0 KByte (default)------------------------------------------------------------[ 3] local 192.168.0.5 port 50116 connected with 10.0.0.4 port 5001[ ID] Interval Transfer Bandwidth[ 3] 0.0-10.0 sec 759 MBytes 636 Mbits/sec

I wonder if it is usually faster than a leased line service.

Summary







I was able to confirm that AWS can directly connect with Azure by supporting IKEv2.Until now, it was necessary to prepare a Windows server etc. to VPN Azure and AWS.There is no necessity of setting up a virtual machine by enabling VPN to be established only by the managed service,The need to manage has been reduced, so that we do not care about operation almost.I believe that Azure and AWS can be connected in a mutually managed environment so that it can be used for various purposes in the future.I think that Azure is good at Azure, AWS is good at using AWS, DR for use and I think that there are many useful values.In addition, multi cloud will proceed! !

I am very happy because it was a feature I wanted for years ago!

Original Content (Japanese) : http://level69.net/archives/26362